FCC Takes Steps Toward Squeezing Out Huawei, ZTE

The Federal Communications Commission voted unanimously Friday to ban telecommunications companies from using FCC funds to buy equipment from Chinese manufacturers Huawei and ZTE because they pose a "national security threat." The move comes as telecom firms are ramping up their efforts to build 5G networks.

Under the ban, companies can no longer use money from the FCC's $8.5 billion Universal Service Fund to buy equipment from the two companies. The fund is designed to help provide all Americans, especially those in rural areas, with access to communication technologies.

In addition, the FCC issued a notice of proposed rulemaking calling for requiring telecom companies that receive money from the Universal Service Fund to remove and replace gear from Huawei and ZTE. It's seeking suggestions on how to pay for the removal and replacement of the equipment.

"To aid in the design of a removal and replacement program, the FCC will conduct an information collection to determine the extent to which eligible telecommunications carriers have equipment from Huawei and ZTE in their networks and the costs associated with removing and replacing such equipment," the FCC says in a statement.

'Longstanding Concerns'

"We take these actions based on evidence in the record as well as longstanding concerns from the executive and legislative branches," Pai said in a statement.

"Both companies have close ties to China's Communist government and military apparatus. Both companies are subject to Chinese laws broadly obligating them to cooperate with any request from the country's intelligence services and to keep those requests secret. Both companies have engaged in conduct like intellectual property theft, bribery and corruption."

In a statement, the FCC notes: As the United States upgrades its networks to the next generation of wireless technologies - 5G - the risk that secret "backdoors" in our communications networks will enable a hostile foreign power to engage in espionage, inject malware or steal Americans' data becomes even greater. ... The public funds in the FCC's USF [Universal Service Fund] ... must not endanger national security through the purchase of equipment from companies posing a national security risk."

A challenge with 5G supply chain is that there are few suppliers of network equipment. But what if #5G networks were virtualized? Enjoyed meeting w/ Boston-based @altiostar and hearing about their plans to deploy software-based solutions for security, cost-savings, & efficiency.

FCC Commissioner Jessica Rosenworcel, in a statement, called the FCC's moves long overdue and demanded more action.

"While I approve today's decision and rulemaking, I think the FCC has more work to do when it comes to network security," she says. "Because our present efforts to remove and replace insecure equipment are not bold enough. We need a coordinated, national plan for managing the future of 5G security - and the evidence all around us makes crystal clear we don't have one."

Huawei Responds

Responding to the FCC's decision, Huawei said it was based on "innuendo, and mistaken assumptions," according to The Register

The Chinese firm added: "Huawei believes this order is unlawful as the FCC has singled out Huawei based on national security, but it provides no evidence that Huawei poses a security risk. Instead, the FCC simply assumes, based on a mistaken view of Chinese law, that Huawei might come under Chinese government control."

Other Actions Delayed

The Trump administration has already taken other action against Huawei, moving to block U.S. businesses from working with the company. But for the third time, that ban has been delayed by the U.S. Commerce Commission for 90 days; now it will not go into effect until February.

"The temporary general license extension will allow carriers to continue to service customers in some of the most remote areas of the United States who would otherwise be left in the dark," Commerce Secretary Wilbur Ross said in a statement last week.

The Commerce Department also began issuing separate licenses last week to individual companies that will allow them to continue doing business with Huawei even once the ban goes into full effect, according to The Hill.

But 15 senators have sent a letter to President Donald Trump urging an end to granting those licenses.

"Given the security risks posed by Huawei's operations in the U.S., we request that you take immediate action to suspend the approval of such licenses and ensure Congress is appropriately informed about the license approval process and related national security implications going forward," the senators wrote.

Meanwhile, a bill introduced in the House would provide $1 billion to help telecommunications carriers, especially smaller and rural operators, replace Chinese-built gear (see: Support for Expunging Huawei Gear From Carrier Networks Grows). A similar bill introduced earlier in the Senate bill calls for allocating $700 million for the same type of equipment replacement initiative.

About the Author

Asokan is senior correspondent for Information Security Media Group's global news desk. She has previously worked with IDG and other publications where she reported on developments in technology, minority-rights and education.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;